Microsoft Azure Active Directory (AD) is a cloud-based service to handle identity and access management. It has capabilities like multifactor authentication, self-service password reset, role-based access control, security monitoring, managing alerts etc. When a user creates an Azure AD directory, it automatically links with Azure subscription.
Azure AD provides an easy way to give users single sign-on (SSO) access to various applications, like Office 365, Dropbox, Salesforce etc. Azure AD improves application security with multifactor authentication and conditional access.
Azure AD can also be integrated with on-premise Windows AD using Azure AD connect which provides organizations to use their existing on-premise identity system to manage access to a cloud-based application.
Azure AD capabilities come up in 3 versions - Basic, Premium P1 and Premium P2. Paid editions P1 and P2 are built on top of free versions and provide more rich security facilities like monitoring security, self-service password management, privileged identity management etc.
Now, let’s jump on the demo part and learn how to create the active directory.
- Login to Azure Portal (If you don’t have Azure account then you can sign up for Azure free trial)
- From the left side pane, select Azure Active Directory or write it in a search box from the top of Azure dashboard.
- In create directory section, fill out the details like organization name, initial domain name, select country or origin. The initial domain name should be unique else it will throw an error if it’s already used by another user.
- Click on the ‘Create’ button to create the directory.
- After successful creation of the directory, a new window appears as shown below.
- Now, our next step is to create a group in the directory and assign a user to the group.
- Click on ‘Groups’ tab to create a new group.
- Click on ‘New Group’.
- Enter the Group Name as ‘IT’.
- Click the ‘Create’ button.
- You can see the new group in the Group window.
- Click on the ‘Users’ tab to create a new user.
- Click on ‘Create new user’.
- Fill in the details like Name, User name, profile, directory.
- Enter the name ‘adkktest’
- Enter Username that a user enters to sign in to Azure AD. You should use the domain that you use at the time of creation of the active directory. For example - [email protected]
You can define the custom domain but for that, you need to register them.
- Fill in the details in the Profile section.
- Select the Group that you have created earlier. E.g. IT
- Select the Directory Role.
- Click on ‘Show Password’ and note down the password. You will need it when log in with the new username.
- Click ‘Create’
- A new user has been created successfully associated with a group.
So, this is how we can create a new directory and then create a group and assign users to them.